USG1100 - VPN IKEV2 occasionally AUTH fail

another_user
edited April 2021 in Security
Hello all,

I have upgraded to the latest version, V4.39(AAPK.0), which resolves the SSL VPN group access.

However, now I have an occasional strange bug with VPN IKE.

The configuration is the same; nothing has changed (only the firmware).

AD --> Windows Server 2012 R2 64
Zyxel --> USG1100


with AD + MSCHAPv2 authentication

This VPN worked perfectly on firmware 4.31; now it sometimes reports AUTH FAIL (in the IKE log). This problem happens every 7-10 days for only 20-30 minutes (the timing is very strange and variable), on multiple users simultaneously, then disappears after some minutes.
The users who were connected before the error remain connected.

The clients are Windows 10 with the integrated VPN.

It seems the problem concerns phase 1 - mschap, as if the firewall sometimes didn't check the AD server for user logins.

There is a correct AAA server mschap with the user domain AD group, and the firewall is on Active Directory, but I noticed that in the auth method, mschap is last and not present in default.




Could adding the group ad_mschap to the default method possibly resolve it?

If you need more info, just ask.

Many thanks










